Security Basics mailing list archives

Re: Linux Distribution Recommendation


From: peter () devbox adamantix org (Peter Busser)
Date: Thu, 11 Mar 2004 10:16:24 +0100

Hi!

all distros use the same sw
      - same kernel or tweaked ( broken )
      - same gcc/glibc
      - same bash
      - same sendmail
      - same dns
      - same apache
      - same ipchains/iptables
      - same mysql ....
      - same blah-blah ..

      ---> one distro is NOT more secure than another 

That is definitely not true, not all distributions are created equal. There is
a big difference in security between different distributions. Adamantix
provides:

- A kernel patch to make buffer exploits harder (PaX).
- A C/C++ compiler patch which makes stack exploits harder (SSP aka ProPolice).
- A kernel patch with improved access control (RSBAC).
- Almost all binaries have been recompiled for ASLR (Address Space Layout
  Randomisation, where binaries, libraries, stack and heap are located at
  randomised addresses in the process memory).

The combination of PaX and a proper RSBAC security policy can protect against
ALL arbitrary code injection and execution. Most remote exploits depend on the
ability to introduce and execute new code. There are ways around it, but they
require more sophistication, more effort and have a lower chance of success.

With a proper RSBAC security policy, even root cannot destroy the system
anymore. In other words, root is no longer God on the system. A well designed
policy could make the Linux kernel the weakest link.

Your assumptions are wrong, therefore your conclusion is wrong too.

              -- it solely depends on the user's ability to know
              how to make it equally or better secure than the other

and I'd still pick Slackware ... if it's my choice

Well, sure, use whatever you like best.

The vision behind Adamantix is to improve the overall security features of
sounds like what NSA Linux and Trustix used to claim ?? along with the
other secure Linux ??

I don't know what they used to claim. Trustix is now a closed for-pay only
distribution it seems (correct me if wrong). And SELinux is just a kernel
patch. Adamantix provides RSBAC, which does everything SELinux does but more.
People who used both RSBAC and SELinux say that RSBAC is easier to use. But it
lacks good documentation though.

Groetjes,
Peter Busser
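
Added example, not part of the original post: a check of the ASLR point above, comparing /proc/<pid>/maps from two runs to see which of binary, libraries, heap and stack actually moved. The maps excerpts and the path /usr/bin/demo are constructed sample data; they model an executable that was not rebuilt as position-independent, which is why the binary stays at a fixed base while the kernel-placed regions are randomised.

```python
import re

# Constructed /proc/<pid>/maps excerpts from two runs of the same program (sample data).
# The executable here is position-dependent, so only the kernel-chosen regions move.
RUN_A = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/bin/demo
00651000-00652000 rw-p 00051000 08:01 131 /usr/bin/demo
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c200000-7f3a1c3c0000 r-xp 00000000 08:01 977 /lib/libc.so.6
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/bin/demo
00651000-00652000 rw-p 00051000 08:01 131 /usr/bin/demo
0093e000-0095f000 rw-p 00000000 00:00 0 [heap]
7f81d5400000-7f81d55c0000 r-xp 00000000 08:01 977 /lib/libc.so.6
7ffe9c3a0000-7ffe9c3c1000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [name]
LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+\s+\S+\s+\S+\s+\S+\s+\d+\s*(.*)$")

def region_bases(maps_text, exe_path):
    """Return the lowest start address seen for binary, heap, libraries and stack."""
    bases = {}
    for line in maps_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        start, name = int(m.group(1), 16), m.group(2).strip()
        if name == exe_path:
            kind = "binary"
        elif name == "[heap]":
            kind = "heap"
        elif name == "[stack]":
            kind = "stack"
        elif ".so" in name:
            kind = "libraries"
        else:
            continue  # anonymous mappings, vdso, etc. are not compared here
        bases[kind] = min(start, bases.get(kind, start))
    return bases

def randomised(maps_a, maps_b, exe_path):
    """Map each region to True if its base address differs between the two runs."""
    a, b = region_bases(maps_a, exe_path), region_bases(maps_b, exe_path)
    return {kind: a[kind] != b[kind] for kind in a if kind in b}

if __name__ == "__main__":
    for kind, moved in sorted(randomised(RUN_A, RUN_B, "/usr/bin/demo").items()):
        print(f"{kind:10s} {'randomised' if moved else 'FIXED between runs'}")
```

On a live system, feed it the contents of /proc/<pid>/maps captured from two separate runs of the same program.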
